Trojan variants, lawsuits pile on Sony

Sony BMG Entertainment’s recent troubles – caused by the inclusion of a spyware-like application on nearly two dozen CD-Roms – continued to snowball this week.

The company released a new patch, less than half the size of the original, on Tuesday in response to the uproar over its installation of a rootkit application that could "phone home" information from a PC to Sony or its business partners.

But Mark Russinovich, who first publicly warned of the inclusion of "digital rights management" technology on CDs, was critical of Sony's efforts to help customers, saying the company had made it nearly impossible for them to find fixes on its website.

"The fact that Sony's announcement was directed at the press, and that they've made no effort to make contact with their customers, makes the patch and uninstall look solely like a public relations gesture to the media," Russinovich said on his weblog.

He also identified the new patch as the culprit in another crash of his Windows operating system, showing a screenshot of the "blue screen of death" following shutdown.

Sony, which calls Service Pack 2a "a maintenance release designed to reduce the file size of Service Pack 2," also defends the rootkit download on its website.

"This service pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP technology used on Sony BMG content protected CDs," the company states. "This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

Sony's woes don't end there. Attorney Alan Himmelfarb recently sued the company in California, claiming it has broken three state laws. He is demanding restitution for damages he claims residents of that state suffered when they bought the CDs.

Computer Associates researches also found on Thursday two variants of what's now being called the "Sony Trojan." The only connection between the trojans and the rootkit is their use of $sys$ in file names, Sam Curry, CA vice president of eTrust Security Management, said on Thursday. Once connected, the trojans can execute or delete files, update, remove or restart themselves and retrieve PC information, said Curry, who called the trojans' threat "very low."

CA had already classified the rootkit as spyware.

Researchers from Sophos found the first trojan to take advantage of the Sony rootkit earlier this week. The Stinx-E trojan appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine, SC Magazine reported, when run it copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's copy protection application.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.